Key information issuing device, wireless operation device, and program

ABSTRACT

A key information issuing device ( 1, 1 A,  1 B) issuing key information to a key information retaining device ( 2, 2 A,  2 B) includes an authentication module ( 14, 3 ) authenticating an issuer of the key information, an output module ( 13 ) outputting the key information to the key information retaining unit, and a recording module ( 11 ) recording a mapping of the issued key information to the key information retaining unit. The key information is issued in response to an indication of the authenticated issuer.

BACKGROUND OF THE INVENTION

The present invention relates to a key information processingtechnology.

Key information has hitherto been utilized in a variety of scenes in thehuman society. For example, data communications requiring theconfidentiality of information involve using encryption keys. Further,what key information is recorded on magnetic stripes is used as a keyfor a building and an office as a substitute for a metallic key matchingwith a configuration of a key hole. Pieces of information on encryptionkeys and keys for the buildings etc are generically termed keyinformation.

The prior art system is, however, incapable of easily changing such apiece of key information and reissuing the key information.Alternatively, even if capable of reissuing the key information, acipher is required to be stored, and hence the re-issuance needs are-storing process, which is time-consuming. Therefore, though theencryption keys are used in the communications between informationdevices such as personal computer (which hereinafter be abbreviated to aPC) and so on, simple communications performed in daily life such ascommunications between a TV receiver and a wireless remote controllerthereof and communications between a wireless keyboard and the personalcomputer, do not involve the use of the encryption keys.

Supposing that, for instance, home banking through the wireless remotecontroller and the wireless keyboard will be conducted from now on intothe future, however, it is desirable that those communications beperformed in an encryption-oriented system. It is because a password etcof a bank account might be intercepted (wiretapped).

It is required that a cipher be agreed upon between communicationdevices in order for communicating parties to decrypt such a cipher.Accordingly, there is needed a system capable of readily issuing theencryption key with security between the TV receiver and the wirelessremote controller and between the PC and the wireless keyboard.

On the other hand, magnetic stripe type and IC card type keys (whichwill hereinafter be called electronic keys) used for locking andunlocking, e.g., a building, an office and so on, are convenient tocarry and therefore easy to be lost and to become a target for theft.These types of keys are managed by, e.g., a center of a key (orbuilding) management company.

Hence, if such a key is lost, all the keys distributed for using thebuilding and offices must be collected, and the key information must berewritten. The collection and re-issuance of the keys are verytime-consuming.

SUMMARY OF THE INVENTION

It is a primary object of the present invention to provide a technologycapable of easily issuing key information to a key information retainingdevice that retains the key information.

It is another object of the present invention to provide a technologycapable of ensuring sufficient security for protecting the keyinformation when issued from being intercepted.

To accomplish the above objects, according to one aspect of the presentinvention, a key information issuing device (1, 1A, 1B) issuing keyinformation to a key information retaining device (2, 2A, 2B), comprisesan authentication module (14, 3) authenticating an issuer of the keyinformation, an output module (13) outputting the key information to thekey information retaining unit, and a recording module (11) recording amapping of the issued key information to the key information retainingunit, wherein the key information is issued in response to an indicationof the authenticated issuer.

Preferably, the key information retaining device (2, 2A, 2B) may be awireless operation device (2, 2A) wirelessly connected to an informationdevice and may include a key information input module (23) inputting thekey information in contact with the key information issuing device, andthe output module (13) may include a contact module outputting the keyinformation in contact with the key information input module (23).

Preferably, the key information retaining device (2, 2A, 2B) may be awireless operation device (2, 2A) wirelessly connected to an informationdevice and may include a medium input module inputting information froma recording medium, and the output module (13) may include a recordingmedium write module writing the information to the recording medium, andmay issue the key information through the recording medium.

Preferably, the key information retaining device (2, 2A, 2B) may be awireless operation device (2, 2A) wirelessly connected to an informationdevice and may include a near communication module incapable ofperforming communications beyond a predetermined distance, and theoutput module (13) may include a near communication module incapable ofperforming the communications with the key information retaining devicebeyond a predetermined distance, and may issue the key informationthrough the near communication module.

Preferably, the key information issuing device (1, 1A) may furthercomprise a receiving module (13) receiving wireless signals from the keyinformation retaining device, and a decoding module (11) decoding theinformation contained in the wireless signals and encrypted with the keyinformation.

According to another aspect of the present invention, a wirelessoperation device (2, 2A) wirelessly connected to an information device,comprises a key information input module (23) inputting key informationfor encrypting the information, a recording module (24) recording thekey information, an operation module (22) detecting an operation of auser, an encryption module (21) encrypting user's operation based inputinformation with the key information, and a transmission module (25)transmitting the encrypted input information to the information device.

Preferably, the key information input module (23) may include a contactmodule inputting the key information in a contact manner.

Preferably, the key information input module (23) may include a mediuminput module inputting information from a recording medium.

Preferably, the key information input module (23) may include a nearcommunication module incapable of performing communications beyond apredetermined distance.

Preferably, the wireless operation device (2, 2A) may further comprise asetting module setting an execution or non-execution of the encryption,wherein the encryption module may encrypt the input information when theexecution of the encryption is set.

According to still another of the present invention, a wirelessoperation device (2, 2A) wirelessly connected to an information device,comprises an operation module (22) detecting a user's operation, atransmission module (25) transmitting user's operation based inputinformation, and a confirmation module (21) confirming whether there isa response signal from the information device with respect to thetransmitted input information, wherein the transmission of the inputinformation is stopped if the response signal is not obtained.

According to a further aspect of the present invention, a wirelessoperation device (2, 2A) wirelessly connected to an information device,comprises an operation module (22) generating input information bydetecting a user's operation, a simulated information generating module(21) generating simulated information simulating the input information,and a transmission module (25) transmitting the input information or thesimulated information.

Preferably, the simulated information may be transmitted irrespective ofwhether the user's operation is made or not (S2A–S2C).

Preferably, the key information retaining device (2, 2A, 2B) may be anelectronic key (2B)that unlocks a predetermined area.

According to a still further aspect of the present invention, a keyinformation managing method of managing key information issued to a keyinformation retaining device, comprises authenticating an issuer of thekey information (S10–S11), generating key information (S15), outputtingthe key information to the key information retaining unit (S16), andrecording a mapping of the issued key information to the key informationretaining unit (S1B).

According to a yet further aspect of the present invention, there isprovided a program executed by a computer to actualize any one of thefunctions described above.

According to an additional aspect of the present invention, there isprovided a readable-by-computer recording medium recorded with such aprogram.

As described above, according to the present invention, it is possibleto ensure the sufficient security for protecting the communicationbetween the information device and the wireless remote control frombeing intercepted. According to the present invention, the keyinformation can be easily issued to the key information retaining devicefor retaining the key information. Further, according to the presentinvention the sufficient security against the interception can beensured when issuing the key information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing an information system as a whole in a firstembodiment of the present invention;

FIG. 2 is a block diagram showing a remote controller 2;

FIG. 3 is a diagram showing a data structure of a packet;

FIG. 4 is a flowchart showing steps of distributing an encryption key tothe remote controller 2 from a main unit 1;

FIG. 5 is a flowchart showing a process when operating the remotecontroller;

FIG. 6 is a flowchart showing details of a process of encrypting buttoninformation;

FIG. 7 is a flowchart showing details of a process of sending a buttoninformation packet and a dummy packet;

FIG. 8 is a flowchart showing a process when in a receiving operation ofthe main unit 1;

FIG. 9 is a diagram showing a system architecture of an informationsystem for executing home banking in a second embodiment of the presentinvention; and

FIG. 10 is a diagram showing a system architecture of an informationsystem for executing a security management of an office in a thirdembodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Preferred embodiments of the present invention will hereinafter bedescribed with reference to the accompanying drawings.

<<First Embodiment>>

A first embodiment of the present invention will hereinafter bedescribed with reference to FIGS. 1 through 8. FIG. 1 is a diagramshowing an information system as a whole in the first embodiment. FIG. 2is a block diagram showing a wireless remote controller 2. FIG. 3 is adiagram showing a data structure of a packet transmitted and receivedbetween a main unit 1 and the wireless remote controller 2. FIG. 4 is aflowchart showing steps of distributing an encryption key to thewireless remote controller 2 from the main unit 1. FIGS. 5 through 7 areflowcharts each showing a process when operating the wireless remotecontroller 2. FIG. 8 is a flowchart showing a process when the main unit1 receives the packet.

<Outline of Functions>

The information system in the first embodiment is operated throughwireless communications by the remote controller. This informationsystem authenticates a user and issues an encryption key for everyremote controller operated by the user. At this time the informationsystem records the encryption key issued for every remote controller.

When the user operates the information system by the remote controller,input information is encrypted by the encryption key. Then, the remotecontroller transmits a start-of-communication request to the informationsystem and transmits the encrypted input information.

The information system identifies the remote controller in response tothe start-of-communication request transmitted from the remotecontroller. Then, the information system collates the encryption keyissued to the requester remote controller with the key among thoserecorded. Subsequently, the information system decodes the inputinformation with this encryption key and detects an operation of theuser.

The encryption key is distributed in the following steps.

(1) A device on the main unit of the information system executesauthenticating the user identity. This process is to confirm whether theuser is qualified for receiving a distribution of key information.

(2) Next, the main unit confirms proximity of the remote controller tothe device itself.

(3) Subsequently, the main unit generates an encryption key (e.g., arandom number).

(4) The main unit transmits the encryption key via a safe communicationpath that prevents an interception (wiretapping).

(5) The main unit confirms that the remote controller receives theencryption key in safety.

<Whole Architecture>

FIG. 1 is the diagram showing the whole architecture of the presentinformation system. As shown in FIG. 1, this information system isconfigured by the main unit 1 and the wireless remote controller 2.

The main unit l is categorized as an information processing devicecapable of communicating with an outside system via an unillustratednetwork. The main unit 1 may be, for example, a personal computer (whichwill hereinafter be abbreviated to PC), a digital TV, a set-top box andso on.

The main unit 1 includes a PC-equivalent function module 11, a remotecontroller proximity confirmation module 12, a remote controllercommunication module 13 and an authenticating function module 14.

The PC-equivalent function module 11 includes a CPU for providing aninformation processing function, a memory for storing the informationand a communication interface for accessing the network. Thearchitecture and operation thereof are nowadays broadly known, and hencetheir explanations are herein omitted. The PC-equivalent function module11, based on this architecture, controls the main unit 1 and provides avariety of information processing functions.

For example, the PC-equivalent function module 11 generates theencryption key to be transmitted to the wireless remote controller. Thegeneration of the encryption key involves generating a random number (orprime number) by a predetermined algorithm. The generated encryption keyis required when in the remote communications and is therefore recordedand stored in the unillustrated memory of the main unit 1.

The PC-equivalent function module 11 embeds an ID for identifying thewireless remote controller into this key. Then, the PC-equivalentfunction module 11 records a mapping table containing the IDs of thewireless remote controllers 2 and the encryption keys distributed.

The ID may involve the use of a production number (serial number) of thewireless remote controller 2. Further, the ID of the remote controllermay also be generated by use a random number. With this ID, the presentinformation system can administer a plurality of remote controllers. Ifone single remote controller is to be used, the ID is not required. Ifthere are other necessary pieces of information, these pieces ofinformation may be contained in a part of the encryption key.

Further, the PC-equivalent function module 11 checks whether thewireless remote controller 2 surely receives the encryption key. In thiscase, the PC-equivalent function module 11 can confirm it simply by, forinstance, indicating the wireless remote controller 2 to transmit theencryption key back. Moreover, the wireless remote controller 2 maytransmit only a checksum of the encryption key back to the module 11.Even if failing to transmit the encryption key, the wireless remotecontroller 2 just falls into an unusable state and becomes usable byretrying the distribution steps. Accordingly, if the reliability of theencryption key transmission process is sufficiently high, there may beomitted the confirmation of whether the wireless remote controller 2surely receives the encryption key.

The PC-equivalent function module 11 provides a function ofauthenticating the user identity. The authentication method includes abiometrics authentication using a fingerprint, sound spectrogram etc, acode number authentication, a password authentication and so forth. Amethod corresponding to a confidentiality required and an actualizingcost can be selected from those methods.

The authentication function module 14 checks based on the authenticationmethod whether the user is qualified for indicating the distribution ofthe encryption key to the wireless remote controller 2. If the user isunqualified for indicating the distribution of the encryption key, themain unit 1 stops the process just when the user proves unqualified.

The remote controller proximity confirmation module 12 is, for instance,a push button and soon. The user, when making the wireless remotecontroller 2 proximal to the main unit 1, manipulates this remotecontroller proximity confirmation module 12 (e.g., presses the pushbutton). With this manipulation, the main unit 1 recognizes theproximity of the wireless remote controller 2.

In this state, the main unit 1 performs wire communications or wirelesscommunications using feeble radio waves with the wireless remotecontroller 2. The main unit 1 and the wireless remote controller 2 insuch a state are illustrated in a lower part in FIG. 1.

The remote controller communication module 13 provides a function oftransmitting the encryption key to the wireless remote controller 2. Theremote controller communication module 13 is configured of acommunication interface and a communication program. Interfacescategorized as a serial system such as RS232C, a parallel systempursuant to the Centronics Standard and other wire systems are usable asthe communication interface.

Thus, the present information system involves the use of thehard-to-intercept wire system for transmitting the encryption keyseparately from the wireless communication interface. Note that wirelesscommunication interface is, for example, an infrared-ray receivingmodule, a wireless LAN interface and soon. The wireless communicationsmay, however, also be utilized for transmitting the encryption key byusing an electromagnetic shield in combination.

Further, a close range wireless system incapable of communications at apredetermined distance or farther may also be used. In this case, theremote controller communication module 13 may incorporate both of theencryption key transmitting function and a function of receiving anencrypted operation signal from the wireless remote controller 2.

In this case, an interception countermeasure such as reducing atransmission output when in close proximity, may be taken together withthe electromagnetic shield. Note that there is no limit to a data formatfor distributing the key information described above.

FIG. 2 is the block diagram showing the wireless remote controller 2.The wireless remote controller 2 shown in FIG. 2 includes a processingunit 21 for controlling the components of the wireless remote controller2, a keyboard 22 for detecting a user's operation on the informationsystem and generating input information, an encryption key receivingmodule 23 for receiving the encryption key from the main unit 1 of theinformation system, a memory 24 to and from which the processing unit 21writes and read the information, a transmitting/receiving module 25 fortransmitting and receiving the information in the wirelesscommunications in accordance with an indication given from theprocessing unit 21, a display unit 26 for displaying various items ofinformation, an encryption ON/OFF switch 27 for specifying whether theencryption is executed or not, and a power unit (battery) for supplyingthe electric power to the wireless remote controller 2.

The processing unit 21 is, for instance, a microprocessor. Theprocessing unit 21 executes a control program loaded in the memory 24,thereby providing the function of the wireless remote controller 2. Forexample, the processing unit 21 receives the encryption key from themain unit 1 via the encryption key receiving module 23. Further, theprocessing unit 21 encrypts the information to be transmitted to themain unit by use of the encryption key received.

The keyboard 22 contains, in addition to alphabetic and numeral keys, avariety of buttons, an ON/OFF switch and so on. The user inputs anindication to the information system by manipulating these keys, buttonsand switch.

The encryption key receiving module 23 is defined as a communicationinterface corresponding to the remote controller communication module 13of the main unit 1 described above.

The memory 24 is constructed of a random access memory (RAM) and aread-only memory (ROM). The memory 24 is stored with programs executedby the processing unit 21 and tables used by the processing unit 21.

The transmitting/receiving module 25 is a communication interface forperforming the wireless communications with the main unit 1. Thetransmitting/receiving module 25 is, e.g., an infrared-ray emittingmodule and an infrared-ray receiving module, and a wireless LANinterface.

The display unit 26 displays an operation state of the wireless and soon. For example, the display unit 26 is a power lamp, etc.

The encryption On/Off switch 27 specifies whether the information isencrypted in the processing unit 21. This encryption On/Off switch is,provided so that the present wireless remote controller 2 is used forthe general purpose, for an example, in a case that the informationneeds to be encrypted in the communications with a TV receiver etc andan operation signal of an air-conditioner does not require theencryption (which means that a control unit of the air-conditioner isnot adapted to the encryption). The user does an on/off setting of theencryption in accordance with a target operated by the wireless remotecontroller 2 by use of the encryption On/Off switch 27.

<Data Structure>

FIG. 3 shows an example of the data structure of wireless communicationdata (which will hereinafter be referred to as a packet) transferred andreceived between the main unit 1 and the wireless remote controller 2.As shown in FIG. 3, according to the present information system, astart-of-communication packet, a communication permission packet, abutton information/dummy packet and an acknowledgement packet areprepared as packets of this category.

The start-of-communication packet is used for the wireless remotecontroller 2 to request the main unit 1 to start the communications. Asshown in FIG. 3, the start-of-communication A packet has fields storedwith a header, a packet ID, a remote controller ID, a piece of dummydata and a checksum.

The header is defined as a bit string that indicates the packettransferred and received between the main unit 1 and the wireless remotecontroller 2 in the present information system. Referring to FIG. 3, abit string “55AA” (hexadecimal number) is exemplified as the header.

The packet ID is an identification number specifying a category of thepacket. Referring again to FIG. 3, the ID “0000” is specified in thestart-of-communication packet.

The dummy data in the start-of-communication packet is defined as a bitstring embedded in an unused field of the start-of-communication packet.Further, the checksum is defined as a piece of information forconfirming a validity of the data when receiving the packet.

The communication permission packet is a packet used for the main unit 1to notify the wireless remote controller 2 of a communication permissionin response to the start-of-communication packet sent from the wirelessremote controller 2. As shown in FIG. 3, the communication permissionpacket has fields stored with a header, a packet ID, a remote controllerID, a session ID, apiece of dummy data and a checksum.

The header, the packet ID, the remote controller ID, the dummy data andthe checksum among these pieces of data are the same as those in thestart-of-communication packet. Further, the main unit 1 notifies thewireless remote controller 2 of the session ID each time thecommunication permission or receipt acknowledgement is made. Thewireless remote controller 2 encrypts the input information with thereceived key information and this session ID.

The button information/dummy data packet is categorized into a buttoninformation packet and a dummy packet. The button information packet isused for the wireless remote controller 2 to transmit the buttoninformation (input information of the button manipulated by the user) tothe main unit 1. Further, the dummy packet is used for transmitting thedummy data.

As shown in FIG. 3, the button information/dummy packet has fieldsstored with a header, a packet ID, a remote controller ID, encryptedbutton information or dummy data and a checksum.

The encrypted button information among these pieces of data is a pieceof input information generated when the user operates the wirelessremote controller 2. The button information is previously encrypted withthe encryption key and the session ID that have been transmitted fromthe main unit 1 to the wireless remote controller 2. Moreover, the dummypacket is a packet for preventing a third party from intercepting(wiretapping) the button information packet. The dummy packet containsdummy data simulating the button information. An unspecified number ofdummy packets are transmitted before and after the button informationpacket.

The acknowledgement packet is a packet used for the main unit 1 tonotify the wireless remote controller 2 of an acknowledgement inresponse to the button information/dummy packet sent from the wirelessremote controller 2. As shown in FIG. 3, the acknowledgement packet hasfields stored with a header, a packet ID, a remote controller ID a“checksum of the received packet”, a next session ID, and a checksum.

The “checksum of the received packet” among those pieces of data is achecksum of the packet received at the previous session. Further, thenext session ID is used for encrypting the button information next time.

<Operation>

FIG. 4 is the flowchart showing an example of an encryption keydistributing process. This process is a process of the program executedby the main unit 1 (the PC-equivalent function module 11) when the mainunit 1 transmits the encryption key to the wireless remote controller 2.

In this process, the main unit 1 at first executes authenticating theuser's identity (S10). The authentication of the user's identityinvolves reading the remote controller ID, reading the authenticationinformation from the user and confirming the authentication information.The authentication information given from the user includes afingerprint, a sound spectrogram, a code number or a password.

Next, the main unit 1 judges based on a result of this authenticationwhether the user is qualified for receiving the distribution of theencryption key (S11). This judgment is made based on a comparisonbetween the given authentication information and the authenticationinformation registered in the main unit 1. The main unit 1, when judgingthat the user is unqualified and is therefore unauthorized user, abortsthe process.

Whereas if judging that the user is qualified, the main unit 1 nextwaits for the wireless remote controller 1 to approach the main unit 1itself (S12). Then, the main unit 1 judges whether the wireless remotecontroller is in close proximity to the main unit 1 itself (S13).

Then, if the wireless remote controller 2 is not in close proximity, themain unit 1 judges whether it is a time-out or not (S14). If not thetime-out, the main unit 1 returns the control to S12. Whereas if it isthe time-out, the main unit aborts the process.

When judging in S13 that the wireless remote controller 2 getsapproached, the main unit 1 generates the encryption key (S15). Next,the main unit 1 transmits the encryption key to the wireless remotecontroller 2 (S16).

Subsequently, the main unit 1 waits for a response from the wirelessremote controller (S17). If there is no response, the main unit 1 judgeswhether it is the time-out (S19). Then, if not the time-out, the mainunit 1 returns the control to S17. Whereas if it is the time-out, themain unit 1 aborts the process.

When judging in S18 that there is the response, the main unit 1 judgeswhether this response is normal (S1A). If not normal, the main unit 1returns the control S12, and repeats the same process.

When judging in S1A that the response is normal, the main unit 1 createsand updates a mapping table stored with the remote controller ID and theencryption key (S1B). Thereafter, the main unit 1 finishes the process.

FIG. 5 shows the flowchart shoring the operation of the wireless remotecontroller. This process is a process of the program executed by theprocessing unit 21 of the wireless remote controller 2. An execution ofthis process is triggered by power-on of the wireless remote controller2 or by pressing an unillustrated reset button.

In this process, to start with, the wireless remote controller 2initializes the wireless remote controller 2 itself and comes to astatus of waiting for the encryption key (S20). Next, the wirelessremote controller 2 judges whether the receipt of the encryption key iscompleted (S21).

When the receipt of the encryption key is completed, the wireless remotecontroller 2 saves the received encryption key together with its ownremote controller ID, and sends a completion-of-receipt response (S22).Thereafter, the wireless remote controller 2 comes to a waiting status(S23) This waiting status continues till a new encryption key istransmitted or a user's button manipulation is detected.

Namely, when the receipt of the encryption key is started, the wirelessremote controller 2 returns the control to S21, and confirms thecompletion of the receipt. On the other hand, when detecting the user'sbutton manipulation, the wireless remote controller 2 sends thestart-of-communication packet (S24).

Then, the wireless remote controller 2 waits for the communicationpermission packet (S25). Subsequently, if unable to receive thecommunication permission packet from the main unit 1 in wait for apredetermined time, the wireless remote controller 2 shifts to thewaiting status (S23).

While on the other hand, when receiving the communication permissionpacket, the wireless remote controller 2 executes encrypting the buttoninformation (S27). Namely, the wireless remote controller 2 encrypts theinput information generated by the user's button manipulation.

Next, the wireless remote controller 2 sends a dummy packet (S28). Thenumber of times with which the dummy packet is sent is unspecified(random).

Next, the wireless remote controller 2 sends a button information packet(S29). Next, the wireless remote controller 2 sends a dummy packet(S2A). The number of times with which the dummy packet is sent is toounspecified (random).

Next, the wireless remote controller 2 judges whether the button ismanipulated (S2B). Further, if manipulated, the wireless remotecontroller 2 returns the control to S27.

Whereas if not manipulated, the wireless remote controller 2 judgeswhether it is a time-out or not (S2C). if not the time-out, the wirelessremote controller 2 returns the control to S2A. With this process, thedummy packet is transmitted an unspecified number of times till it comesto the time-out even when the user does not operate the wireless remotecontroller 2. Whereas if it is the time-out, the wireless remotecontroller 2 shifts to the waiting status (S23).

FIG. 6 shows a detailed process of encrypting the button information(S27 in FIG. 5). In this process, the wireless remote controller 2, tobegin with, judges whether the encryption On/Off switch 27 is switchedON (S270).

If the encryption On/Off switch 27 is switched OFF, the wireless remotecontroller 2 finishes the button information encryption process. Whereasif the encryption On/Off switch 27 is switched ON, the wireless remotecontroller 2 reads the key information (S271).

Next, the wireless remote controller 2 reads the session ID (S272). Thissession ID is obtained from the communication permission packet or theacknowledgement packet (see FIG. 3).

Next, the wireless remote controller 2 encrypts the input informationwith the key information and the session ID (S273). Thereafter, thewireless remote controller 2 finishes the button information encryptionprocess.

FIG. 7 shows details of the process of sending the button informationpacket and the dummy packet (S28, S29 or S2A)

In this process, the wireless remote controller 2 at first sends thepacket (the button information packet or the dummy packet) (S41).

Next, the wireless remote controller 2 waits for the acknowledgementpacket (S42). Then, the wireless remote controller 2 judges whether theacknowledgement packet is received (S43). If the acknowledgement packetis received, the wireless remote controller 2 advances the control tothe next process.

While on the other hand, when judging in S43 that the acknowledgementpacket is not yet received, the wireless remote controller 2 judgeswhether it is a time-out (S44). If not the time-out, the wireless remotecontroller 2 returns the control to S42 (S44). If not the time-out, thewireless remote controller 2 returns the control to S42. Whereas ifjudging in S44 that it is the time-out, the wireless remote controller 2shifts to the waiting status.

FIG. 8 is the flowchart showing a receiving operation of the main unit1. Upon a start of this process, the main unit 1 comes to a status ofwaiting for receiving the start-of-communication packet (S30). Then, themain unit 1 judges whether the receipt of the start-of-communicationpacket is completed (S31).

Then, when the receipt of the start-of-communication packet iscompleted, the wireless remote controller 2 collates the received remotecontroller ID (simply written as ID in FIG. 6) with the mapping table(created and updated in S1B in FIG. 4) (S32).

Next, the main unit 1 judges whether the received remote controller IDis valid (S33). If judged to be invalid, the main unit 1 returns thecontrol to S30.

Whereas if valid, the main unit 1 sends the communication permissionpacket (S34). Next, the main unit 1 comes to a status of waiting for thebutton information/dummy packet. Then, the main unit 1 judges whetherthe receipt of the button information/dummy packet is completed (S36).

The main unit 1, when the receipt of the button information/dummy packetis completed, sends the acknowledgement packet and further executes adecoding process (S37).

Subsequently, the main unit 1 judges whether the received packet is adummy packet (S38). If judged to be the dummy packet, the main unit 1returns the control to S35.

If not the dummy packet, the main unit 1 takes in the button information(S39). Thereafter, the main unit 1 returns the control to S35.

<Effects of Embodiment>

As discussed above, according to the information system in the firstembodiment, the button information generated when operating the wirelessremote controller 2 with respect to the main unit 1 or the informationsystem, is encrypted. It is therefore feasible to decrease thepossibility in which the operation signal generated when the informationsystem is operated through the wireless remote controller 2 might beintercepted by the third party.

Further, on such an occasion, according to the present informationsystem, the main unit 1 distributes the encryption key to the wirelessremote controller 2 in the wire communications in a way that brings thewireless remote controller 2 into contact with the main unit 1 or thewireless communications using the feeble radio waves with the wirelessremote controller 2 disposed in close proximity to the main unit 1.Hence, it is possible to reduce such a risk that the encryption keyitself might be intercepted (wiretapped) by the third party.

Moreover, according to the information system in the first embodiment,the information communications are carried out in a predeterminedshake-hand procedure, for instance, as by the start-of-communicationpacket and the response packet responding thereto. It is thereforepossible to reduce the risk that the operation signal generated whenoperating the information system through the wireless remote controllermight be intercepted by the third party.

Further, according to the information system in the first embodiment,for example, the dummy packets are transmitted before and aftertransmitting the button information packet. Hence, it is feasible todecrease the risk that the operation signal generated when operating theinformation system through the wireless remote controller 2 might beintercepted by the third party.

<Modified Example>

According to the first embodiment discussed above, the main unit 1 andthe wireless remote controller 2 communicate with each other by use ofthe packets as shown in FIG. 3. The embodiment of the present inventionis not, however, limited to the architecture and steps described above.For example, the start-of-communication packet basically capable oftransferring (containing) the remote control ID may suffice, and theheader, the packet ID etc may be or may not be added as the necessityarises.

Moreover, a data size of the packet may be a fixed length or a variablelength. In the case of the fixed length, the length may be adjusted byusing the dummy data shown in FIG. 3.

In the embodiment discussed above, the key information is passed to theencryption key receiving module 23 of the wireless remote controller 2in the communications from remote controller communication module 13 ofthe main unit 1 to the wireless remote controller 2. The embodiment ofthe present invention is not, however, limited to this architecture. Thekey information may be passed to the wireless remote controller 2 fromthe main unit 1 through a readable-by-computer recording medium such asa flash memory card and so on.

In this case, the writing portion (e.g., a card slot) to the recordingmedium may be provided in the main unit 1. Further, the wireless remotecontroller 2 may be provided with a reading portion (e.g., the cardslot) from the recording medium. Configurations of these accessingdevices to the recording medium are broadly known, and hence theirexplanations are herein omitted.

In the embodiment discussed above, the input information is encryptedwith the encryption key and the session ID. The embodiment of thepresent invention is not, however, confined to this method. Forinstance, the input information may be encrypted with only theencryption key without using the session ID.

Moreover, it is considered that all appliances in home are controlled byone single remote controller. In the case of utilizing the remotecontroller incorporating the encrypting function, On/Off states of theair-conditioners, the channels of the TV and operations of a personalcomputer are all encrypted.

For an example, the On/Off signals of the air-conditioner among theseoperations do not need the encryption, and there might be a case whereit is difficult to provide the air-conditioner with theencrypting/decrypting function. In such a case, the remote controllermay make an option of the encryption or non-encryption according to thenecessity and may thus perform the communications. In this case, theencryption On/Off switch 27 shown in FIG. 2 may be set OFF.

Alternatively, the PC is entrusted with all the remote controllercommunications and my decode by totally using the encryptedcommunications. In this case, if there is not the PC, the appliance cannot be controlled, and the remote controller is unusable. Accordingly,it follows that a range of utilizing such a system is limited.

<<Second Embodiment>>

A second embodiment of the present invention will hereinafter bedescribed referring to FIG. 9. FIG. 9 is a diagram showing a systemarchitecture of an information system for executing home banking in thesecond embodiment.

The discussion in the first embodiment has been focused on thearchitecture and the operation of the information system including thewireless remote controller 2 having the encrypting function and the mainunit 1 operated by the wireless remote controller 2. The secondembodiment will exemplify a case where this information system isapplied to home banking. Other configurations and operations in thesecond embodiment are the same as those in the first embodiment. Suchbeing the case, the same components are marked with the same numerals,and their repetitive explanations are omitted. Further, the reference tothe drawings in FIGS. 1 through 8 will be made as the necessity mayarise.

This information system is configured by a PC 1A implementing a remotecontroller function (which will hereinafter be abbreviated to the RCfunction), a remote controller 2A provided with a keyboard for operatingthe PC 1A, and a bank host computer connected to the PC 1A via LAN(Local Area Network)/WAN (Wide Area Network).

The configuration and the operation of the PC 1A with the RC functionare the same as those of the main unit 1 in the first embodiment.Further, the configuration and the operation of the remote controller 2Awith the keyboard are the same as those of the wireless remotecontroller 2 in the first embodiment.

The user inputs a code number to the PC 1A with the RC function throughthe remote controller 2A with the keyboard in the home banking. Thecommunication from the remote controller 2A with the keyboard to the PC1A with the RC function is similarly encrypted as in the informationsystem according to the first embodiment. This architecture is capableof reducing the possibility in which the code number etc is intercepted(wiretapped) by the third party when utilizing the home banking.

Note that the security in the communication from the PC 1A with the RCfunction via the LAN/WAN to the bank host computer has hitherto beenensured by the variety of methods.

Accordingly, the PC 1A with the RC function and the remote controller 2Awith the keyboard in the second embodiment cover an area that hashitherto been considered to be lowest in security in the home banking.

<Modified Example>

The second embodiment discussed above has exemplified the case where thekeyboard-attached remote controller 2A incorporating the encryptingfunction is applied to the home banking. The embodiment of the presentinvention is not, however, limited to this applied example. Namely, theremote controller 2A with the keyboard and the wireless remotecontroller with the encrypting function shown in the first embodiment,can be applied to various categories of information systems.

For example, the system described above can be applied when connected toan Internet provider. This is because the a password when connected tothe Internet provider can be used in the same way as a credit card. Thesystem for the encryption on the network and on the telephone line isgetting sophisticated, and hence an area exhibiting the lowestconfidentiality may be the remote controller as viewed from the wholesystem. Accordingly, the wireless remote controller 2 enhances such alowest-security area, i.e., enhances essentially the security of thesystem on the whole.

<<Third Embodiment>>

A third embodiment of the present invention will be explained withreference to FIG. 10. FIG. 10 is a diagram showing a system architectureof an information system for executing a security management in anoffice according to the third embodiment.

This system is configured by a key information management PC 1B forissuing an electronic key 2B used for an office worker to enter theroom, an authentication information input device 3 for authenticating anissuer of the key information, a lock management device at an entranceof the building, a lock management device at a door of the office, and akey information communication path that connects these lock managementdevices to the key information management PC 1B.

A configuration of the key information management PC 1B is the same asthat of the main unit 1 in the first embodiment. According to the thirdembodiment, the key information management PC 1B has a key informationmanagement table for managing the issued key information for everyelectronic key 2B of the key receiver. This key information managementtable is a mapping of IDs of the electronic keys 2B to the issued keyinformation.

The authentication information input device 3 serves to authenticatewhether the issuer issuing the key information is valid. Thisauthentication information input device 3 is, for example, a fingerprintreader, a sound spectrogram analyzer, a keyboard for inputting a codenumber or a password, and so forth.

The electronic key 2B includes a memory for recording the keyinformation. The electronic key 2B, for instance, a card formed withmagnetic stripes, an IC card, or a stick recorded with magnetism- orIC-based information.

When the key information of the this electronic key 2B is inputted tothe lock management device at the entrance of the building or at thedoor of the office, the key ID of the electronic key 2B and the keyinformation are transmitted via the key information communication pathto the key information management PC 1B. Then, if the key informationmanagement table has already been stored with the mapping of the key IDto the key information, the key information management PC 1B transmitsan unlock command the lock management device, thereby unlocking theentrance or the door.

This electronic key 2B is distributed to the worker who unlocks theentrance of the building or the door of the office. Then, if the numberof such new workers increases, the issuer of which the authenticationinformation is registered issues the key information.

Namely, the issuer at first authenticates the issuer himself or herselfby use of the authentication information input device 3, and nextcommands the key information management PC 1B to issue the keyinformation. The key information is thereby written to the newelectronic key 2B. In this case, the ID of the electronic key 2B and thekey information are entered in the key information management table.

Note that if the electronic key 2B is lost, the worker who is concernednotifies the issuer that the key 2B is lost. The issuer deletes the keyinformation of the electronic key 2B distributed to that worker from thekey information management table. Further, the issuer inputs the keyinformation in a new electronic key 2B using the same procedures andtransfers it to the worker who is concerned.

Thus, according to the system in the third embodiment, the authenticatedissuer can simply issue he electronic key 2B. Moreover, in case theelectronic key 2B is lost, the lost electronic key 2B can be madeineffective without exerting any influence on other workers.

<<Readable-by-Computer Recording Medium>>

The program executed by the computer to actualize any one of theprocesses (functions) described above in the embodiments discussed abovemay be recorded on a readable-by-computer recording medium. Then, thecomputer reads and executes the program on this recording medium,thereby providing the function of the main unit 1, the PC 1A with the RCfunction, the encryption key issuing device 1B, the wireless remotecontroller 2, or the remote controller 2A with the keyboard shown in theembodiment discussed above.

Herein, the readable-by-computer recording medium embraces recordingmediums capable of storing information such as data, programs, etc.electrically, magnetically, optically and mechanically or by chemicalaction, which can be all read by the computer. What is demountable outof the computer among those recording mediums may be, e.g., a floppydisk, a magneto-optic disk, a CD-ROM, a CD-R/W, a DVD, a DAT, an 8 mmtape, a memory card, etc.

Further, a hard disk, a ROM (Read Only Memory) and so on are classifiedas fixed type recording mediums within the computer.

<<Data Communication Signal Embodied in Carrier Wave>>

Furthermore, the above program may be stored in the hard disk and thememory of the computer, and downloaded to other computers viacommunication media. In this case, the program is transmitted as datacommunication signals embodied in carrier waves via the communicationmedia. Then, the computer downloaded with this program can be made toprovide the function of the main unit 1, the PC 1A with the RC function,the encryption key issuing device 1B, the wireless remote controller 2,or the remote controller 2A with the keyboard.

Herein, the communication media may be any one of cable communicationmediums such as metallic cables including a coaxial cable and a twistedpair cable, optical communication cables, or wireless communicationmedia such as satellite communications, ground wave wirelesscommunications, etc.

Further, the carrier waves are electromagnetic waves for modulating thedata communication signals, or the light. The carrier waves may,however, be DC signals. In this case, the data communication signaltakes a base band waveform with no carrier wave. Accordingly, the datacommunication signal embodied in the carrier wave may be any one of amodulated broadband signal and an unmodulated base band signal(corresponding to a case of setting a DC signal having a voltage of 0 asa carrier wave).

1. A key information issuing device issuing key information to a keyinformation retaining device, comprising: an authentication moduleauthenticating an issuer of the key information; an output moduleoutputting the key information to said key information retaining device;a recording module recording a mapping of the issued key information toinformation of said key information retaining device; a receiving modulereceiving wireless signals from said key information retaining device;and a decoding module decoding the information contained in the wirelesssignals and encrypted with the key information; wherein the keyinformation is issued in response to an indication of the authenticatedissuer; wherein said key information retaining device is a wirelessoperation device wirelessly connected to an information device andincludes a key information input module inputting the key information incontact with said key information issuing device, wherein said outputmodule includes a contact module outputting the key information incontact with said key information input module, and wherein the keyinformation outputted to said key information retaining device is lesslikely to be intercepted than the information contained in the wirelesssignal received from said key information retaining device.
 2. A keyinformation issuing device according to claim 1, wherein said keyinformation retaining device is an electronic key that unlocks apredetermined area.
 3. A key information issuing device issuing keyinformation to a key information retaining device, comprising: anauthentication module authenticating an issuer of the key information;an output module outputting the key information to said key informationretaining device; a recording module recording a mapping of the issuedkey information to information of said key information retaining device;a receiving module receiving wireless signals from said key informationretaining device; and a decoding module decoding the informationcontained in the wireless signals and encrypted with the keyinformation; wherein the key information is issued in response to anindication of the authenticated issuer; wherein said key informationretaining device is a wireless operation device wirelessly connected toan information device and includes a medium input module inputtinginformation from a recording medium, wherein said output module includesa recording medium write module writing the information to saidrecording medium, and issues the key information through said recordingmedium, and wherein the key information outputted to said keyinformation retaining device is less likely to be intercepted than theinformation contained in the wireless signal received from said keyinformation retaining device.
 4. A key information issuing deviceaccording to claim 3, wherein said key information retaining device isan electronic key that unlocks a predetermined area.
 5. A keyinformation issuing device issuing key information to a key informationretaining device, comprising: an authentication module authenticating anissuer of the key information; an output module outputting the keyinformation to said key information retaining device; a recording modulerecording a mapping of the issued key information to information of saidkey information retaining device; a receiving module receiving wirelesssignals from said key information retaining device; and a decodingmodule decoding the information contained in the wireless signals andencrypted with the key information; wherein the key information isissued in response to an indication of the authenticated issuer; whereinsaid key information retaining device is a wireless operation devicewirelessly connected to an information device and includes a nearcommunication module incapable of performing communications beyond apredetermined distance, wherein said output module includes a nearcommunication module incapable of performing the communications withsaid key information retaining device beyond a predetermined distance,and issues the key information through said near communication module,and wherein the key information outputted to said key informationretaining device is less likely to be intercepted than the informationcontained in the wireless signal received from said key informationretaining device.
 6. A key information issuing device according to claim5, wherein said key information retaining device is an electronic keythat unlocks a predetermined area.
 7. A key information managing methodof managing key information issued to a key information retainingdevice, comprising: authenticating an issuer of the key information;generating key information; outputting the key information to said keyinformation retaining device; and recording a mapping of the issued keyinformation to information of said key information retaining device;receiving wireless signals from said key information retaining device;and decoding the information contained in the wireless signals andencrypted with the key information; wherein said key informationretaining device is a wireless operation device wirelessly connected toan information device and includes an input module inputting informationin a contact manner, wherein outputting the key information involvesissuing the key information through said input module, and wherein thekey information outputted to said key information retaining device isless likely to be intercepted than the information contained in thewireless signal received from said key information retaining device. 8.A key information managing method according to claim 7, wherein said keyinformation retaining device is an electronic key that unlocks apredetermined area.
 9. A key information managing method of managing keyinformation issued to a key information retaining device, comprising:authenticating an issuer of the key information; generating keyinformation; outputting the key information to said key informationretaining device; and recording a mapping of the issued key informationto information of said key information retaining device; receivingwireless signals from said key information retaining device; anddecoding the information contained in the wireless signals and encryptedwith the key information; wherein said key information retaining deviceis a wireless operation device wirelessly connected to an informationdevice and includes a medium input module inputting information from arecording medium, wherein outputting the key information involveswriting the information to said recording medium to issue the keyinformation through said recording medium, and wherein the keyinformation outputted to said key information retaining device is lesslikely to be intercepted than the information contained in the wirelesssignal received from said key information retaining device.
 10. A keyinformation managing method according to claim 9, wherein said keyinformation retaining device is an electronic key that unlocks apredetermined area.
 11. A key information managing method of managingkey information issued to a key information retaining device,comprising: authenticating an issuer of the key information; generatingkey information; outputting the key information to said key informationretaining device; and recording a mapping of the issued key informationto information of said key information retaining device; receivingwireless signals from said key information retaining device; anddecoding the information contained in the wireless signals and encryptedwith the key information; wherein said key information retaining deviceis a wireless operation device wirelessly connected to an informationdevice and includes a near communication module incapable of performingcommunications beyond a predetermined distance, wherein outputting thekey information involves issuing the key information through said nearcommunication module, and wherein the key information outputted to saidkey information retaining device is less likely to be intercepted thanthe information contained in the wireless signal received from said keyinformation retaining device.
 12. A key information managing methodaccording to claim 11, wherein said key information retaining device isan electronic key that unlocks a predetermined area.
 13. Areadable-by-computer recording medium recorded with a program executedby a computer to manage key information issued to a key informationretaining device, comprising: authenticating an issuer of the keyinformation; generating key information; outputting the key informationto said key information retaining device; recording a mapping of theissued key information to information of said key information retainingdevice; receiving wireless signals from said key information retainingdevice; and decoding the information contained in the wireless signalsand encrypted with the key information; wherein said key informationretaining device is a wireless operation device wirelessly connected toan information device and includes an input module inputting informationin a contact manner; wherein outputting the key information involvesissuing the key information through said input module, and wherein thekey information outputted to said key information retaining device isless likely to be intercepted than the information contained in thewireless signal received from said key information retaining device. 14.A readable-by-computer recording medium recorded with a programaccording to claim 13 wherein said key information retaining device isan electronic key that unlocks a predetermined area.
 15. Areadable-by-computer recording medium recorded with a program executedby a computer to manage key information issued to a key informationretaining device, comprising: authenticating an issuer of the keyinformation; generating key information; outputting the key informationto said key information retaining device; recording a mapping of theissued key information to information of said key information retainingdevice; receiving wireless signals from said key information retainingdevice; and decoding the information contained in the wireless signalsand encrypted with the key information; wherein said key informationretaining device is a wireless operation device wirelessly connected toan information device and includes a medium input module inputtinginformation from a recording medium, wherein outputting the keyinformation involves writing the information to said recording medium toissue the key information through said recording medium, and wherein thekey information outputted to said key information retaining device isless likely to be intercepted than the information contained in thewireless signal received from said key information retaining device. 16.A readable-by-computer recording medium recorded with a programaccording to claim 15, wherein said key information retaining device isan electronic key that unlocks a predetermined area.
 17. Areadable-by-computer recording medium recorded with a program executedby a computer to manage key information issued to a key informationretaining device, comprising: authenticating an issuer of the keyinformation; generating key information; outputting the key informationto said key information retaining device; recording a mapping of theissued key information to information of said key information retainingdevice; receiving wireless signals from said key information retainingdevice; and decoding the information contained in the wireless signalsand encrypted with the key information; wherein said key informationretaining device is a wireless operation device wirelessly connected toan information device and includes a near communication module incapableof performing communications beyond a predetermined distance, whereinoutputting the key information involves issuing the key informationthrough said near communication module, and wherein the key informationoutputted to said key information retaining device is less likely to beintercepted than the information contained in the wireless signalreceived from said key information retaining device.
 18. Areadable-by-computer recording medium recorded with a program accordingto claim 17, wherein said key information retaining device is anelectronic key that unlocks a predetermined area.